Bug 1196134 - add ability for admins to force a user to change their password on next login

1 files changed, 7 insertions, 18 deletions

diff --git a/token.cgi b/token.cgi
index e87e24fab..a326b2f32 100755
--- a/token.cgi
+++ b/token.cgi
@@ -212,25 +212,14 @@ sub changePassword {
     my ($token, $password) = @_;
     my $dbh = Bugzilla->dbh;
 
-    # Create a crypted version of the new password
-    my $cryptedpassword = bz_crypt($password);
-
-    # Get the user's ID from the tokens table.
-    my ($userid) = $dbh->selectrow_array('SELECT userid FROM tokens
-                                          WHERE token = ?', undef, $token);
-    
-    # Update the user's password in the profiles table and delete the token
-    # from the tokens table.
-    $dbh->bz_start_transaction();
-    $dbh->do(q{UPDATE   profiles
-               SET      cryptpassword = ?
-               WHERE    userid = ?},
-             undef, ($cryptedpassword, $userid) );
-    Bugzilla->memcached->clear({ table => 'profiles', id => $userid });
-    $dbh->do('DELETE FROM tokens WHERE token = ?', undef, $token);
-    $dbh->bz_commit_transaction();
+    my ($user_id) = $dbh->selectrow_array('SELECT userid FROM tokens WHERE token = ?', undef, $token);
+    my $user = Bugzilla::User->check({ id => $user_id });
+    $user->set_password($password);
+    $user->update();
+    delete_token($token);
+    $dbh->do("DELETE FROM tokens WHERE userid = ? AND tokentype = 'password'", undef, $user_id);
 
-    Bugzilla->logout_user_by_id($userid);
+    Bugzilla->logout_user_by_id($user_id);
 
     $vars->{'message'} = "password_changed";